Privacy Policy
Last Updated: March 14, 2026
1. Introduction & Controller Identity
This Privacy Policy explains how Fj ApS (âweâ, âusâ, âourâ) collects, uses, and protects your personal data when you visit this website and when you contact us about our workplace innovation education and professional development programmes offered to participants and organisations across Canada. This policy is written to be practical and readable, while reflecting requirements under the EU General Data Protection Regulation (GDPR) and applicable Danish data protection rules.
Data Controller: Fj ApS, Ăsterbrogade 154kl, 2100 København, Denmark. Email: [email protected]. Phone: +45 33 12 84 69.
If you have questions about privacy, you can contact us using the email address above. At this time, Fj ApS does not appoint a dedicated Data Protection Officer (DPO) because we do not conduct large-scale processing of special-category data; however, we treat privacy inquiries as a priority and respond within a reasonable timeframe.
Effective Date: March 14, 2026.
2. Personal Data We Collect
The personal data we collect depends on how you interact with the site. We collect only what is needed to operate the site, respond to inquiries, andâif you chooseâmeasure usage and advertising performance.
- Identity and contact data: name, email address, and phone number (if provided).
- Inquiry and form content: programme selection, your message, scheduling constraints (such as time zone coverage), and any organisational context you choose to share.
- Technical data: IP address, browser type, device information, operating system, language preferences, and approximate location derived from IP (at country/region level).
- Usage data: pages viewed, time spent on pages, referrer URLs, interactions such as button clicks, and navigation paths on the site.
- Cookies and identifiers: first-party cookies used for session continuity and consent storage, plus optional analytics and marketing identifiers if you consent (see Section 4).
- Conversion events: events such as submitting an inquiry form or viewing key pages, used to measure performance of the site and advertising (only where consent is required and has been granted for the relevant category).
We do not intentionally collect special-category data (such as health information, religious beliefs, political opinions), financial account details, or government identification numbers through this website. Please do not include such information in your message.
3. Why We Process Personal Data & Legal Basis (GDPR Art. 6)
We process personal data for specific purposes and rely on the legal bases set out under GDPR Article 6. Where consent is used, you can withdraw it at any time (see Section 5).
- Responding to inquiries and registration requests: to reply to your message, confirm programme scope, and provide information you requested. Legal basis: Art. 6(1)(b) (steps prior to entering into a contract) and, where applicable, Art. 6(1)(a) (consent).
- Providing and improving the website: to ensure the site functions, troubleshoot errors, and improve content clarity. Legal basis: Art. 6(1)(f) (legitimate interests in operating a reliable website).
- Security and fraud prevention: to protect the site from abusive traffic, spam, and malicious activity. Legal basis: Art. 6(1)(f) (legitimate interests in protecting systems and users).
- Analytics (optional): to understand aggregated usage and improve site structure and content. Legal basis: Art. 6(1)(a) (consent).
- Marketing and advertising measurement (optional): to measure campaign performance, build audiences, and attribute conversions for advertising. Legal basis: Art. 6(1)(a) (consent).
- Legal and compliance obligations: to comply with applicable legal requirements. Legal basis: Art. 6(1)(c) (legal obligation).
Automated Decision-Making (Art. 22): We do not engage in automated decision-making or profiling that produces legal or similarly significant effects for you. Advertising tools may create audience segments (for example, âvisited a pageâ), but these do not decide eligibility for services and do not have legal effects.
4. Cookies & Tracking
Cookies are small text files stored on your device. We also use similar technologies such as pixel tags. Our cookie categories are aligned across this Privacy Policy and our Cookies Policy. You can manage cookie categories using the cookie banner and the âManage cookie preferencesâ link in the footer.
Essential (always active)
Essential cookies are required to operate the website and remember your core settings. They do not require consent under applicable ePrivacy rules when they are strictly necessary. Examples include:
- _site_session: maintains basic session continuity and helps prevent misuse. Retention: session to up to 12 months depending on configuration.
- cookie_consent: stores your cookie preference choices. Retention: 12 months.
- CSRF and security tokens (where used): help protect forms from tampering and automated abuse. Retention: typically session-based.
Analytics (optional, consent-based)
If you consent to analytics cookies, we may use Google Analytics 4 (GA4) with IP anonymization to understand how visitors use the site. Typical cookies include _ga and _ga_XXXXXXXXXX. Analytics data retention is typically set to 14 months. Analytics helps us answer questions such as which pages are read most, which navigation paths are confusing, and whether content is accessible across devices.
Marketing (optional, consent-based)
If you consent to marketing cookies, we may use advertising and conversion measurement tools such as Google Ads and Meta technologies. Typical cookies include _gcl_au, _fbp, and _fbc. These cookies can be used to measure conversions, limit repeated ad exposure, and build remarketing or lookalike audiences. Marketing cookies do not change programme content or pricing; they relate to advertising measurement and relevance.
In addition to cookies, some partners may process device identifiers derived from IP address and User-Agent or use server-side event forwarding (for example, conversion APIs). Where consent is required, we only activate these categories after you have provided consent.
5. Consent Management (EEA/UK)
Users receive a cookie notice and can choose which optional cookie categories to enable. Analytics and marketing cookies activate only after explicit, informed, freely given consent (GDPR Art. 6(1)(a)). Your choice is stored in the cookie_consent cookie (typically for 12 months) so you do not need to repeat the same selection on every visit.
You can withdraw or change consent at any time by using the âManage cookie preferencesâ link in the footer or by clearing cookies in your browser. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal.
6. Sharing With Advertising & Service Partners
We use carefully selected service providers to run the website and, where you consent, to measure and improve performance. We do not sell personal data. We share personal data only when necessary for the purposes described in this policy and under appropriate safeguards.
- Google LLC: analytics and advertising measurement (for example GA4, Google Ads, Google Tag Manager, and remarketing where enabled). Data may include cookie identifiers, usage events, and conversion events. Privacy information: https://policies.google.com/privacy.
- Meta Platforms, Inc.: marketing measurement and audiences (for example Meta Pixel, Custom Audiences, lookalike audiences, and conversion APIs where enabled). Data may include page views, conversion events, cookie identifiers, and hashed identifiers when used. Privacy information: https://www.facebook.com/privacy/policy.
- Cloudflare, Inc.: content delivery network and security services, which may process IP addresses for threat detection and performance. Privacy information: https://www.cloudflare.com/privacypolicy/.
These providers act as processors or independent controllers depending on the specific tool and configuration. We configure tools to limit data where practical (for example, IP anonymization in analytics where available) and only enable non-essential categories after consent.
We do not permit these providers to use site data for their own independent commercial purposes beyond providing services and improving their platforms in line with their terms. You can control optional sharing by adjusting cookie preferences.
7. International Data Transfers
Fj ApS is based in Denmark, and we may use service providers located outside the European Economic Area (EEA) and the United Kingdom, including in the United States. When personal data is transferred internationally, we use appropriate safeguards. This may include reliance on the EUâUS Data Privacy Framework (and relevant extensions where applicable) and, where needed, Standard Contractual Clauses (EU 2021/914) as a fallback mechanism. For UK-related transfers, we may use the UK extension to the Data Privacy Framework and/or the UK International Data Transfer Agreement (IDTA) as applicable.
We also apply practical measures such as minimising shared fields, limiting retention, and using transport encryption to reduce risk associated with cross-border transfers.
8. Data Retention
We keep personal data only as long as necessary for the purposes described in this policy. Retention varies by data type:
- Inquiry submissions: typically up to 2 years from the last interaction, so we can follow up on programme questions and maintain a coherent contact record.
- Email correspondence: typically for the duration of the relationship plus up to 1 additional year, unless a longer period is required for dispute handling or compliance.
- Analytics data: typically 14 months (as configured in analytics tools), subject to your consent and cookie settings.
- Marketing cookies: retained according to cookie lifetimes (for example 90 days) and only if you consent.
- Server and security logs: typically up to 90 days, unless needed longer to investigate abuse or security incidents.
- Cookie consent record: we may retain an audit record of consent for up to 3 years where needed to demonstrate compliance.
- Legal/tax records: where applicable, retained for periods required by law.
When retention periods end, data is deleted or anonymised using reasonable technical and organisational measures.
9. Your Rights (GDPR & UK GDPR)
If GDPR applies to your personal data, you have rights that include:
- Right of access (Art. 15)
- Right to rectification (Art. 16)
- Right to erasure (Art. 17)
- Right to restriction of processing (Art. 18)
- Right to data portability (Art. 20)
- Right to object (Art. 21)
- Right to withdraw consent at any time (Art. 7(3))
- Right to lodge a complaint with a supervisory authority (Art. 77)
To exercise rights, email [email protected]. We respond within 30 days, and may extend by up to 60 days for complex requests. We may request additional information to verify identity before fulfilling a request, particularly for deletion or access requests.
Supervisory authority in Denmark: the Danish Data Protection Agency (Datatilsynet). Website: https://www.datatilsynet.dk/. If you are located in another EEA country, you may also contact your local authority. The European Data Protection Board provides an overview of authorities: https://edpb.europa.eu/.
10. Children
This website is not directed at individuals under 16. We do not knowingly collect personal data from minors. If we learn that we have collected personal data from a child under 16 without verifiable parental consent, we will delete it promptly.
11. Do Not Track
This website does not respond to âDo Not Trackâ (DNT) browser signals. Some third-party providers may offer their own mechanisms for limiting tracking or personalisation through their settings.
12. Data Deletion Requests
To request deletion of personal data, email us with the subject line âData Deletion Requestâ and include the email address you used to contact us. We will verify identity and complete deletion within 30 days where feasible. We may retain limited information where required to comply with legal obligations, to resolve disputes, or to enforce agreements.
13. Business Transfers
If Fj ApS is involved in a merger, acquisition, asset sale, financing, reorganisation, or insolvency, personal data may be transferred to a successor entity or counterparty as part of that transaction. If such a transfer materially changes how your data is used, we will provide notice on the website.
14. California (CCPA / CPRA)
While Fj ApS is established in Denmark, we may receive visits from users in the United States. This section provides additional information for California residents where applicable.
Categories of personal information disclosed in the past 12 months may include: identifiers (such as name, email address, IP address, cookie identifiers), internet or network activity (such as page views and interactions), and inferences (such as general interests derived from page interactions). We disclose these categories to service providers and, where you consent, advertising partners for analytics and marketing measurement.
We do not sell personal information as defined by the CCPA. We may share information for cross-context behavioural advertising when marketing cookies are enabled. California residents may opt out by using our cookie preferences panel and disabling marketing cookies.
Subject to verification, California residents may have rights to know, delete, and correct personal information, and to opt out of sale or sharing. To submit a request, email [email protected] with the subject line âCalifornia Privacy Requestâ. You may also use an authorised agent where permitted, with written proof of authorisation.
15. Virginia (VCDPA)
Virginia residents may have rights to access, correct, delete, and obtain a copy of personal data, and to opt out of targeted advertising. We do not sell personal data and do not engage in profiling that produces legal or similarly significant effects.
To submit a request, email [email protected] with the subject line âVirginia Privacy Requestâ. If we decline a request, you can appeal by emailing with the subject line âAppeal of Refusal â Privacy Requestâ. We will respond to appeals within 60 days.
16. Nevada
Nevada residents may submit a verified opt-out request by emailing [email protected] with the subject line âNevada Do Not Sell Requestâ. We do not currently sell personal information under Nevada Revised Statutes Chapter 603A.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, tools, or legal requirements. If changes are material, we will provide a clear notice on the website at least 14 days before the updated policy takes effect. The âLast Updatedâ date at the top of this page will also be revised with each update.
18. Contact
For questions, requests, or concerns about privacy and personal data:
- Legal entity: Fj ApS
- Address: Ăsterbrogade 154kl, 2100 København, Denmark
- Email: [email protected]
- Phone: +45 33 12 84 69